Details
The use of complex passwords increases their strength against attack. The built-in Windows password complexity policy requires passwords to contain at least 3 of the 4 types of characters (numbers, upper- and lower-case letters, and special characters), as well as preventing the inclusion of user names or parts of.
Solution
Configure the policy value for Computer Configuration -> Windows Settings >> Security Settings >> Account Policies >> Password Policy >> ‘Password must meet complexity requirements’ to ‘Enabled’.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication.This control applies to the following type of system Windows.
References
- 800-53|IA-5(1)(a)
- CAT|II
- CCI|CCI-000192
- CCI|CCI-000193
- CCI|CCI-000194
- CCI|CCI-001619
- Rule-ID|SV-29684r2_rule
- STIG-ID|3.028
- Vuln-ID|V-1150